Lucene search

K
cve[email protected]CVE-2014-9504
HistoryFeb 01, 2018 - 5:29 p.m.

CVE-2014-9504

2018-02-0117:29:01
CWE-284
web.nvd.nist.gov
13
cve-2014-9504
og subgroups module
open atrium module
drupal
security vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

71.2%

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.

Affected configurations

NVD
Node
open_atrium_projectopen_atriumRange7.x-2.07.x-2.26drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0alpha1drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0alpha2drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0alpha3drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0alpha4drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0alpha5drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0beta1drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0beta2drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0beta3drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0beta4drupal
OR
open_atrium_projectopen_atriumMatch7.x-2.0rc1drupal
VendorProductVersionCPE
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:alpha2::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:beta2::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:beta3::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:alpha3::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:beta1::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:beta4::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:alpha5::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:alpha4::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:alpha1::
open_atrium_projectopen_atrium7.x-2.0cpe:/a:open_atrium_project:open_atrium:7.x-2.0:rc1::

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

71.2%

Related for CVE-2014-9504